Security Best Practices
Essential security practices for protecting your API keys and user data.
API Key Security
Critical: Never Expose API Keys
Your API key is like a password. Never commit it to version control, expose it in client-side code, or share it publicly.
Secure API Key Storage
Client-Side Security
If you need to make API calls from client-side code, use a proxy endpoint to keep your API key secure on the server.
Input Validation
Always validate and sanitize user input before making API requests.
Security Checklist
Do
- Store API keys in environment variables
- Use server-side proxy for client requests
- Validate all user input
- Sanitize URLs before sending
- Use HTTPS for all API requests
- Rotate API keys periodically
- Monitor API key usage
- Use different keys for dev/prod
- Add API keys to .gitignore
Don't
- Commit API keys to version control
- Expose API keys in client-side code
- Share API keys publicly
- Trust user input without validation
- Make requests over HTTP
- Use the same key everywhere
- Hardcode API keys in source code
- Log API keys in error messages
- Store keys in localStorage/sessionStorage
Additional Security Tips
- Rate Limiting: Implement rate limiting on your proxy endpoints to prevent abuse
- IP Whitelisting: Consider IP whitelisting for server-side usage
- Request Logging: Log API requests (without sensitive data) for monitoring
- Error Handling: Don't expose sensitive information in error messages
- Key Rotation: Regularly rotate your API keys
- Access Control: Limit who can access your API keys